Mozilla Firefox 32 "untrusts" 1024 bit certs. Your cert is?

If you bought a 1024 bit cert for 3 or 5 years..This may affect you..

         

Leosghost

8:05 pm on Sep 8, 2014 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Over 107,000 websites have been consigned to the depths of the untrusted internet after Mozilla's move last week to allow its 1024-bit certificates to expire. The latest shipment of Firefox 32 improved security by killing support for the 1024-bit certificate authority (CA) certificates within the browser's trusted store.

[theregister.co.uk...]

engine

10:56 am on Sep 11, 2014 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



That's a lot of sites!

Perhaps we all missed the news that 1024-bit is being dropped.

not2easy

2:38 pm on Sep 11, 2014 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



I have been curious, seeing the number of reports of traffic drop-offs for ecommerce sites, whether it might be related somehow. I was wondering whether computer AV/security programs might already be warning shoppers, especially for ecommerce with pass-through processing set-ups.

Leosghost

1:13 am on Sep 12, 2014 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Related news..
[theregister.co.uk...]

@not2easy..
I have been curious, seeing the number of reports of traffic drop-offs for ecommerce sites, whether it might be related somehow. I was wondering whether computer AV/security programs might already be warning shoppers, especially for ecommerce with pass-through processing set-ups.


May very well be the reason in some cases..and if "bounce" due to "cert warnings" is taken into account by G, the effect could "snowball" for some sites, causing large traffic drops and SERP position shifts..which will only get worse as browsers signal more "issues"..

Linked from the article at el reg is this piece
[community.qualys.com...]
(have to copy and paste the address as the board system here does not like https links) explaining how to be prepared..

not2easy

1:35 am on Sep 12, 2014 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



How very interesting. Thank you, Leosghost. Looks like there is some scrambling to be done that businesses may not be aware of. The older SHA-1 type certificate was supposed to be good through 2016 so they will need to take steps themselves to make it happen. The updates in browsers mean more momentum.

tangor

3:49 am on Sep 12, 2014 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Got to wonder why the vampire stake through the heart was done on 1024 certs. Any background on that? 100k plus sites shamed... there's got to be a reason.

not2easy

4:00 pm on Sep 15, 2014 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



The SHA-1 encryption technology was cracked nine years ago. It makes SSL transactions using that type of certificate technology subject to "Man-in-the-Middle" attacks where third parties can maliciously retrieve login, PIN and credit information unseen during a transaction online. It was first cracked and announced in 2005, but since recent new changes this month in the readily available newer certificates, it is one way to try to get the attention of folks who haven't kept up.
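Added example, not part of any post in this thread: a shell function that reads the text form of one or more certificates and reports the two properties the thread discusses, the public key size and the signature hash. The function names, the status labels, the 2048-bit RSA threshold and the sample certificate text are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example (not from the thread). Reads `openssl x509 -noout -text`
# output for one or more certificates and prints one line per certificate:
#   STATUS|subject|key algorithm and size|signature algorithm
# Assumption: RSA keys under 2048 bits and SHA-1/MD5 signatures are flagged.
audit_cert_text() {
  awk '
    function report(   status) {
      if (!seen) return
      if (alg == "rsaEncryption" && bits + 0 < 2048) status = "WEAK-KEY"
      if (tolower(sig) ~ /sha1|md5/) status = (status == "" ? "" : status "+") "WEAK-SIG"
      if (status == "") status = "OK"
      print status "|" subj "|" alg " " bits "|" sig
      seen = 0; subj = alg = bits = sig = ""
    }
    /^Certificate:/                     { report(); seen = 1; next }
    /Signature Algorithm:/ && sig == "" { sig = $NF }   # first occurrence only
    /^[ \t]*Subject:/                   { subj = $0; sub(/^[ \t]*Subject:[ \t]*/, "", subj) }
    /Public Key Algorithm:/             { alg = $NF }   # key size only judged for RSA
    /Public[- ]Key: \(/                 { bits = $0; gsub(/[^0-9]/, "", bits) }
    END                                 { report() }
  '
}

# Constructed sample input: trimmed text for two made-up certificates.
sample_text() {
  cat <<'EOF'
Certificate:
    Data:
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: O=Example Legacy CA
        Subject: CN=shop.example.test
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
    Signature Algorithm: sha1WithRSAEncryption
Certificate:
    Data:
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: O=Example CA
        Subject: CN=www.example.test
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
    Signature Algorithm: sha256WithRSAEncryption
EOF
}

sample_text | audit_cert_text
```

For a real certificate, pipe `openssl x509 -in cert.pem -noout -text` (with `cert.pem` standing in for your file) into `audit_cert_text`, and repeat it for every certificate in the chain, since the Firefox 32 change quoted in the first post concerned CA certificates.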